CVE-2025-71348

Summary

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.

Affected Software

VendorProductVersion RangeStatus
picklescanpicklescan0 < 0.0.28affected
picklescanpicklescan0.0.28unaffected

Weaknesses

  • CWE-502: Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References